General
-
Target
EA #44366209.docx
-
Size
10KB
-
Sample
210609-zx7j581tf2
-
MD5
9896dc7905c49361f0eb7185585d81a9
-
SHA1
2378ab96106c968c587f2ab85cf24fd57d040afd
-
SHA256
fc38d73c4dd651a49817f58fe70cf00fca3b3e4b3c1c062c4fa816cb1d95565c
-
SHA512
84204157fc9e66fea5684e53b9ee8cc09ea043099575136ddf2417eec9c4fda1634879bc3770771a671c682b65cd8b9a092b838e55c05c42fb7ba79ed8a49703
Static task
static1
Behavioral task
behavioral1
Sample
EA #44366209.docx
Resource
win7v20210410
Behavioral task
behavioral2
Sample
EA #44366209.docx
Resource
win10v20210408
Malware Config
Extracted
http://kabaka.ddns.net/udara/a.wbk
Extracted
lokibot
http://173.208.204.37/k.php/mvM4bZPtu0I2s
http://kbfvzoboss.bid/alien/fre.php
http://alphastand.trade/alien/fre.php
http://alphastand.win/alien/fre.php
http://alphastand.top/alien/fre.php
Targets
-
-
Target
EA #44366209.docx
-
Blocklisted process makes network request
-
Downloads MZ/PE file
-
Executes dropped EXE
-
Abuses OpenXML format to download file from external location
-
Loads dropped DLL
-
Uses the VBS compiler for execution
-
Suspicious use of SetThreadContext